I have installed XAMPP on a WinXP system and have great success with the product thus far on getting everything installed and running as a service. I have also loaded XAMPP onto a Linux box (process was easier). On the Win32 ver I have ran into complications though. The Linux version of XAMPP has a security script that can be ran and locks the system down effectively. The Win32 ver of XAMPP does not have a 'security' script that will password protect many of the packaged software components.

The SSL in Win32 works well if manually connecting to https:// . However when I go to http:// the default XAMPP directory does not force the connection to use SSL and posts the default pages with out password as well.

How do I make the default directory force SSL ???How do I turn on the password protection ???

I have attempted to read the Apache 2.0 support docs but they are not very user (noob) friendly.

Is there a user (noob) friendly link someone can send that will assist me ???

Is there a 'security' script that I can run on Win32 XAMPP that will put in the securities the way Linux XAMPP has them, did I overlook it ???

I have used the mod_rewrite to redirect the default XAMPP server to SSL.
In the .htaccess file I have used the folling information:
C:\xampp\htdocs\.htaccessRewriteEngine On
RewriteCond %{SERVER_PORT} !443$
RewriteRule ^(.*)$ https://xxx.xxx.xxx.xxx/$1 [R,L]

This is what is being done (atleast what a noob can determine):
When you access the website http://xxx.xxx.xxx.xx it accesses the first .htaccess file and checks to determine if the browser is using ServerSide port 443 (SSL) if not it redirects the browser to port 443 (SSL).

After the SSL redirect the browser then accesses the /xampp/ directory to access the splash screen. It requires a password using Basic authentication. If the user enters the redirected URL manually then they will still be redirected to SSL port.

*************************************************************
Questions I have.
Can this be done with a single .htaccess file? I want the SSL connection established first before the Basic authentication.

OR

Can I drop the SSL bit and use another authentication type that is encrypted?[/quote]